Sandboxie leaks pictures - [SOLVED]
Posted: Mon Jan 09, 2017 2:01 pm
Here is a copy of a Word 2010 file that details how I proved Sandboxie leaks pictures ...
USING PIRIFORM’S RECUVA IN THUMBNAIL VIEW, I SCANNED EACH OF THE FOLDERS IN MY C:\ DRIVE.
This scan was performed outside of Sandboxie. I was looking for any pictures (*.jpg|*.png|*.raw|*.gif|*.jpeg|*.bmp|*.tif) in Recuva’s parlance that were produced on screen while operating under the supervision of Sandboxie while cruising the Internet. These pictures, that I did not expect to find outside of Sandboxie after Sandboxie’s files were deleted, appeared in Recuva’s scans.
I refer to these pictures as my “watch criteria” below. None of the watch criteria files were user saved. They were only displayed within the Sandboxie "enclosed" browser (Firefox in my case).
The computer used for this work has only one hard drive naturally named the C:\ drive. This drive (C:\) contained many folders. I scanned each of these folders separately using Recuva. The results of these scans produced only six files as matching my watch criteria. Here they are as Filename and Path. The duplicate was indeed a duplicate.
Scanning C:\Users\*
Found 1,638 files 3 of which satisfy the watch criteria.
Filename: tree_view[1].jpg
Path: C:\Users\Rodger A Sanders\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5UVIAZV
Filename: B7FB31AD0A4575EADE23D14B226DEFA97951E145
Path: C:\Users\Rodger A Sanders\AppData\Local\Mozilla\Firefox\Profiles\86nikl3x.default-1444703085006\cache2\entries
Filename: B7FB31AD0A4575EADE23D14B226DEFA97951E145
Path: C:\Users\Rodger A Sanders\AppData\Local\Mozilla\Firefox\Profiles\86nikl3x.default-1444703085006\cache2\entries
==============================================================================
Scanning C:\Program Data\*
Found 44 files 2 of which satisfy the watch criteria.
Filename: {CCFFD13D-C418-4AFB-83FA-E9CEACE148BC}
Path: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource
Filename: {3264B22E-2E72-4134-9FCA-D0F263D9F448}
Path: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource
==============================================================================
Scanning C:\Program Files\*
Found 120 files 1 of which satisfies the watch criteria.
Filename: CrtCheck.exe
Path: C:\Program Files\AVAST Software\Avast\x64
==============================================================================
==============================================================================
Having scanned EACH of the folders in C:\, the above are the only files that fit the watch criteria.
I then scanned the complete C:\ “folder” as reported below…
==============================================================================
Scanning C:\*
Found 11030 files 756 of which satisfy the watch criteria.
Which means that 756 – 6 = 750 lay outside of the subdirectories on the C:\ folder.
==============================================================================
I selected all of the 11030 files and requested that Piriform Recuva secure overwrite them all.
Recuva overwrote 5825 files in 10 minutes 36 seconds. File types not overwritten were…
File is resident in the MFT
File is already overwritten by existing files(s)
As reported by Recuva. I then ran a scan on C:\ to verify the result of the overwrite. It bombed.
==============================================================================
Scanning C:\*
Found 10995 files, of which a large number satisfy the watch criteria, many of which were recognizable from the scan of C:\* prior to the secure overwrite. I did not count each hit on my watch criteria. Piriform – you are not doing what you claim.
I am running Eraser on unused space on C:\* to see if that program will get the job that Sandboxie should have been doing done. Eraser completed in 3 hrs. 7 min. with warnings. What warnings? Here is the entire log…
Session: Monday, January 09, 2017 7:01:26 AM
Monday, January 09, 2017 7:01:26 AM Information Session started
Monday, January 09, 2017 7:01:27 AM Warning This computer has had System Restore or Volume Shadow Copies enabled. This may allow copies of files stored on the disk to be recovered and pose a security concern.
Monday, January 09, 2017 11:08:49 AM Information Session ended
I then ran Recuva on C:\ again to see if Eraser had done its job. It did.
Running Recuva on C:\ after the erase. 1/9/2017 11:36 AM.
This scan found 1419 files of which 0 satisfied the watch criteria.
I searched the 1419 files found for each of the file names found earlier….
Filename: tree_view[1].jpg
Filename: B7FB31AD0A4575EADE23D14B226DEFA97951E145
Filename: B7FB31AD0A4575EADE23D14B226DEFA97951E145
Filename: {CCFFD13D-C418-4AFB-83FA-E9CEACE148BC}
Filename: {3264B22E-2E72-4134-9FCA-D0F263D9F448}
Filename: CrtCheck.exe
Yes, there were two identical files (names) found. None of these files were found.
NOTE: The filenames did not represent the content of the six files.
Bottom Line: Sandboxie leaks pictures that Recuva can find and restore. I did not restore any of the files. If you are serious about using Sandboxie as a privacy program for photographic content – FORGET IT. After you “delete” Sandboxie’s files, run Eraser on all drives that Sandboxie can touch to finish the job.
I did not test for the other file types that Recuva can find BUT as far as Sandboxie’s privacy claims go – be careful.
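Added example, not part of the original post: the note that the filenames did not represent the content of the six files is the reason to classify files by their leading bytes rather than by name when checking a folder for picture data. The sketch below does that for live (not deleted) files only; the function names are hypothetical, the file names in the sample tree are borrowed from the post, and the file contents are constructed.

```python
import os
import tempfile

# Leading bytes ("magic numbers") for picture formats in the post's watch list.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (b"BM", "bmp"),  # only two bytes, so expect occasional false positives
    (b"II*\x00", "tiff"),
    (b"MM\x00*", "tiff"),
]
EXTENSIONS = {"jpeg": {".jpg", ".jpeg"}, "png": {".png"}, "gif": {".gif"},
              "bmp": {".bmp"}, "tiff": {".tif", ".tiff"}}

def sniff_image(header):
    """Return the image type implied by the first bytes, or None."""
    return next((kind for magic, kind in SIGNATURES if header.startswith(magic)), None)

def find_images(root):
    """Walk root; return (relative path, type, name_matches_type) per picture found."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    kind = sniff_image(fh.read(8))
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            if kind:
                ext = os.path.splitext(name)[1].lower()
                hits.append((os.path.relpath(path, root), kind, ext in EXTENSIONS[kind]))
    return sorted(hits)

def demo():
    """Constructed sample tree: names borrowed from the post, contents made up."""
    samples = {
        "tree_view[1].jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "CrtCheck.exe": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "notes.txt": b"plain text, not a picture",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_images(root)
```

A `False` in the third field marks a file whose name gives no hint that it holds picture data, which is the case a name-based search would miss.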